[lug] iptables and PCAnywhere 10.5 through a masq firewall

D. Stimits stimits at idcomm.com
Tue Feb 5 17:31:23 MST 2002


I don't know for certain if you received the other guy's reply...that
would depend on whether you just sent the email to BLUG or actually
joined the list. In case you didn't see it, here are the ports he gave:
<quote>
I got this out of /usr/share/nmap/nmap-services

pcanywheredata    5631/tcp
pcanywherestat    5632/tcp
pcanywherestat    5632/udp
pcanywhere        65301/tcp

It's a handy file.
</quote credit_goes_to="John Hernandez">

I would guess that anything arriving on those ports and protocols would
have to be accepted.

D. Stimits, stimits at idcomm.com

"Joseph D. Lien" wrote:
> 
> Greetings:
> 
> I had seen that at one time you were setting up a server to allow connections
> from PCAnywhere clients to a machine on an internal network.  I am doing the
> same thing, and I have honest to god been working on it for the last
> ten hours and am about do lose my mind!
> 
> I can't see what the heck I'm doing wrong... I've read the man pages about six
> times through, and I now understand the options and parameters pretty well,
> but for some reason my configuration just isn't opening up the port on my machine.
> 
> The machine I'm working with has a domain name "scrui.dnsq.org"... here is the
> configuration that I've come up with so far:
> 
> cho "   Enabling forwarding for PCAnywhere on Mizery..."
> $IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp -s 0/0 -d $EXTIP --dport 5631 -j DNAT --to $INTIP:5631
> 
> $IPTABLES -t nat -A PREROUTING -i $EXTIF -p udp -s 0/0 -d $EXTIP --dport 5632 -j DNAT --to $INTIP:5632
> 
> #These have got to be the lines for properly mangling my packets...
> #$IPTABLES -t nat -A POSTROUTING -p tcp -s 192.168.1.1 --sport 5631 #-j SNAT --to $EXTIP:5631
> #$IPTABLES -t nat -A PREROUTING -p tcp -d $EXTIP --sport 5631 -j DNAT --to 192.168.1.1:5631
> 
> #$IPTABLES -t nat -A POSTROUTING -p udp -s 192.168.1.1 --sport 5631 #-j SNAT --to $EXTIP:5632
> #$IPTABLES -t nat -A PREROUTING -p udp -d $EXTIP --sport 5632 -j DNAT --to 192.168.1.1:5632
> 
> $EXTIF is eth0, $INTIF is also eth0  (technically it's eth0:1, but the program doesn't like that)
> $EXTIP is a line that greps ifconfig to get the actual internet ip address,
> $INTIP is 192.168.1.1 (The addy of the machine I'm trying to connect to)
> 
> If you, or someone you know could help me out, I'd be REALLY grateful...
> I've been working on this for a long long time and it's driving me nuts.
> 
> Thanks a lot!
> 
> -J.D.
> 
> +-------------------------------------------
> | Joseph D. Lien (jdlien at full-spectrum.ca)
> | President of Full Spectrum Design
> |
> | Phone: (780) 672-7827
> | Fax:   (780) 672-8102
> | Pager: (780) 671-2676
> |
> | 5809 48A Ave., Camrose, AB  T4V 0L4
> +-------------------------------------------
> 
> Full Spectrum Design Specializes in Creative Media
> for your advertising and promotional needs.
> 
>  Visit us online at http://www.full-spectrum.ca/
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug



More information about the LUG mailing list